ff0c139dc8
Use the new authentik config pattern for setting listening addresses
2026-01-13 14:58:11 +00:00
5288c5857a
Add separate restic roles for separate credentials
...
I don't want corp and prod accidentally smashing each other, or being
used as a credentials escalation attack.
2026-01-13 14:57:33 +00:00
d6fc5502f6
Add report/sync URLs for nidus
2026-01-12 14:12:56 +00:00
d66286d663
Remove now-defunct and failing fssync export process
2026-01-12 14:12:56 +00:00
1055f382fc
Move nidus sync to its own backup buckets
...
When doing the restore recently it seemed likely that there were
conflicts with sharing the buckets.
2026-01-12 14:12:12 +00:00
b5defe1bf0
Add restic backup for all corp services
2026-01-12 00:49:27 +00:00
0ac27f8b99
Add switch-fix commands
2026-01-05 00:27:23 +00:00
e5f5117cdd
Add eliribble to trusted users for pushing updates
...
This should make it possible to push remote builds.
2026-01-04 21:07:51 +00:00
23a61985dc
WIP getting legacy-sexcore back up
...
At this point I was able to successfully nixos-anywhere the system and
SSH back in afterwards. That's progress worth keeping.
2026-01-04 21:07:51 +00:00
840c68524f
Add alternative IP address and SSH port
...
I was trying to use it to get around public wifi firewalls
2025-12-11 14:31:58 +00:00
af1de58c28
Add initial attempt at qgis
...
Doesn't work, likely due to missing CPU instruction support (AVX).
2025-12-11 14:31:57 +00:00
63bd931034
Clean up old, unused restic
2025-11-29 16:30:58 +00:00
1c3ca5909b
Reverse proxy for tegola through caddy to get TLS
2025-11-15 15:00:39 +00:00
423c1e6d9f
Working tegola deploy
...
This uses the data from Bonn, Germany which I downloaded from
https://github.com/go-spatial/tegola-example-bonn/tree/main
2025-11-14 18:58:42 +00:00
f3b8602f30
Actually serve sync.nidus.cloud with the new config.
2025-11-11 17:57:35 +00:00
44c0d83bf6
Add nidus-sync production module
...
This will allow me to keep nidus-sync stable while continuing to do
development on this same server on a different port.
2025-11-11 17:24:41 +00:00
a94d491929
Add jq to all servers
...
Generically useful
2025-11-11 17:24:41 +00:00
e1f7581bde
Add asterisk
...
It seems to work - I connected a client to it - but I never successfully
made any calls.
2025-11-11 17:24:40 +00:00
273d42024b
Add git-lfs to all systems
2025-11-11 17:24:40 +00:00
0fad3ec351
Add watchexec to all servers
...
Really useful tool for continuously changing things.
2025-11-11 17:24:39 +00:00
d7feca7bea
Get twenty CRM actually running
...
I had to punt and allow IP-based connection over the docker network port
rather than mount the unix domain socket.
For now.
2025-10-22 21:36:19 +00:00
9683488ef9
Add initial draft of twenty-crm
...
Not sure if any of it works, this is a checkpoint to debug other things.
2025-10-22 18:17:13 +00:00
7147413112
Switch fieldseeker to not do a top-level merge
...
This actually breaks on any servers that don't define the fieldseeker
deployments as an empty list. Instead we do the clunkier, but working,
import-then-merge-each-attr.
2025-10-22 18:02:15 +00:00
dd3ae9f4d3
Add ffmpeg to webserver runtime
...
Because it's running it as a subprocess now for transcoding.
2025-10-22 18:02:15 +00:00
6d780d8ada
Add non-standard SSH port
2025-10-22 18:02:15 +00:00
c83b46a352
Deploy fssync without separate audio post processor
2025-10-22 18:02:15 +00:00
fff3fa31b9
Switch to full domains in frps config
2025-10-22 18:02:15 +00:00
4e68e938ef
Add config for frps subdomains
2025-10-22 18:02:15 +00:00
d739394ae2
Specify the bind port directly
...
It's not a secret, and this will make it possible to use the
address/interface configured in the host configuration.
2025-10-22 18:02:15 +00:00
010cabfe14
Add frps systemd unit for running frps all the time
2025-10-22 18:02:15 +00:00
71d1109bf8
Disable glitchtip private tmp
...
I can't auto-clean the temp files when private temp is enabled according
to Claude
2025-10-20 23:00:07 +00:00
2d5ccb7a8c
Disable glitchtip
...
Apparently our problems are fixed in the latest release, but we can't
have it until we go NixOS unstable, which I don't want to do yet.
2025-10-20 23:00:07 +00:00
512a86e0b9
Remove warning about string type.
2025-10-20 23:00:07 +00:00
62b4eb1933
Add frps systemd unit for running frps all the time
2025-10-13 22:03:15 +00:00
311890c861
Add frpc/frps to the system packages
2025-10-13 17:10:22 +00:00
8995e95041
Add the sovr role and initial frps deployment
2025-10-13 17:06:15 +00:00
fc936897c7
Move base restic backup config into a restic module
...
This way it's not duplicated in fieldseeker-sync
2025-10-08 20:35:33 +00:00
da0954e737
Allow logic reuse in fieldseeker-sync deployment
...
This uses a system of patterns to deploy everything needed for
fieldseeker sync and standardizes the naming conventions.
2025-10-08 20:34:49 +00:00
de98f88da8
Make fieldseeker-sync a flake input
...
Makes it easier to update since I just bump the commit ID and then it'll
deploy
2025-10-07 18:24:58 +00:00
3e89673560
Get rag_api running through unix domain socket postgres
2025-10-03 15:01:36 +00:00
e569fcd7d4
Switch to custom built label-studio
...
I have a bug fix in to them for audio streaming
2025-10-03 15:01:36 +00:00
938b1863f4
Fix missing redirect for console login
...
Without this we get redirected to "/console" which doesn't load the UI
for some reason.
2025-10-03 15:01:36 +00:00
54b79f1437
Switch reverse proxy to also handle s3 API
...
Without this we only get the console but can't actually access the
S3-compatible portion of the API
2025-10-03 15:01:36 +00:00
dad759c4b3
Add minio module for S3-compatible object storage
...
Label Studio _really_ prefers using a direct object storage model. Can't
say I blame them, it makes sense given they are running Python.
I had to bump Authentik to not use its default port so that minio could
use its own default port. That seemed safest given that Authentik is
always proxied but minio/S3 may _not_ be. I'm just not sure.
2025-10-03 15:01:36 +00:00
dbbed7117a
Set up reverse proxy, configure hostname
...
It was rather ridiculously hard to get the CSRF settings correct. I
don't think I can register new users on anything but the commandline at
this point via:
    podman exec -it podman-label-studio /bin/bash
    label-studio start --username <username> --password <password>
Where <username> should actually be an email.
2025-10-03 15:01:36 +00:00
d246caa613
Connect label-studio to postgres
2025-10-03 15:01:36 +00:00
8790585e6b
Add label-studio initial module
...
To make this work I have to map to the user 1001 inside the container.
I can't figure out how to do that intelligently after a bunch of
experimenting. Instead I'm just creating a new user "label-studio" with
uid 1001 and chowning the data directory to that user.
This is very brittle.
However, it's working, so I'm moving forward.
2025-10-03 15:01:36 +00:00
a30f3321b1
Stop copying the glitchtip directory inside itself
...
Over and over and over again
2025-10-03 15:01:36 +00:00
443af99364
Enable mosh on all servers
...
For times when I have to connect over cellular
2025-10-03 15:01:36 +00:00
e3cb729e42
Get fieldseeker-sync database backup working
...
The previous version only cleaned up previous backups because it was
missing a path or a set of dynamic files which is a feature for doing
cleanup. Instead I backported the unstable version so I could use
stdin-from-command. Tested now and the upload completed.
2025-10-01 14:48:56 +00:00